Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/CglRf7gAheCeC8FPoAOhcm0Uwpg.roa
File: CglRf7gAheCeC8FPoAOhcm0Uwpg.roa (raw, json)
Hash identifier: ZTT3Z11+lhl5VqKbcKlvM4IU7BJMf8sRaksjulQC1gg=
Subject key identifier: 0A:09:51:7F:B8:00:85:E0:9E:0B:C1:4F:A0:03:A1:72:6D:14:C2:98
Certificate issuer: /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial: 18132FE6
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/CglRf7gAheCeC8FPoAOhcm0Uwpg.roa
Signing time: Fri 07 Jan 2022 05:24:47 +0000
ROA not before: Fri 07 Jan 2022 05:24:47 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 141159
IP address blocks: 91.189.186.0/24 maxlen: 32
185.142.143.0/24 maxlen: 32
185.182.49.0/24 maxlen: 32
185.133.195.0/24 maxlen: 32
185.182.48.0/24 maxlen: 32
2.57.255.0/24 maxlen: 32
185.171.3.0/24 maxlen: 32
5.253.137.0/24 maxlen: 32
185.236.83.0/24 maxlen: 32
81.16.138.0/24 maxlen: 32
185.224.146.0/24 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 403910630 (0x18132fe6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Validity
Not Before: Jan 7 05:24:47 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=0a09517fb80085e09e0bc14fa003a1726d14c298
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:65:9f:00:26:78:a0:38:44:79:f3:56:db:64:
d3:c7:f6:ee:f0:2e:35:a0:7b:6d:bc:39:9b:16:c3:
f7:13:de:89:af:ac:3f:09:5b:f2:76:8c:a0:ba:8b:
5b:9f:e5:da:e9:36:4c:b2:1f:00:43:68:0a:f3:e0:
ca:8d:d3:82:45:26:6b:32:ce:d7:44:7f:ad:71:c6:
86:d8:a4:b8:ae:44:4f:fb:0e:c9:30:92:e6:76:9a:
dd:57:fe:92:eb:2a:1e:10:29:9c:ba:ea:d1:8a:29:
71:df:1a:7a:3f:2f:17:64:8f:66:fc:04:7f:96:c0:
0d:00:b4:18:1f:f6:1f:13:8e:54:72:ec:73:73:a3:
48:30:9c:cb:38:8a:ed:e4:4f:c7:ab:ae:b7:98:6e:
21:25:6e:b7:4d:44:2b:5f:b3:db:73:07:f7:17:3a:
73:67:1c:9b:9e:4f:c4:96:7f:34:bf:4e:aa:03:6e:
65:ad:ac:f9:98:3d:92:4d:a8:1e:ad:f0:17:20:79:
d6:38:1d:23:f0:17:08:0a:9b:f1:f7:b8:8e:35:ea:
4b:cc:08:84:13:26:e6:7e:c7:b1:7e:5f:57:35:b1:
71:e9:2e:64:a8:37:9c:b6:fe:34:54:97:01:a5:9e:
d6:6d:b6:50:23:b0:af:19:16:a8:fb:78:5b:23:78:
bd:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:09:51:7F:B8:00:85:E0:9E:0B:C1:4F:A0:03:A1:72:6D:14:C2:98
X509v3 Authority Key Identifier:
keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/CglRf7gAheCeC8FPoAOhcm0Uwpg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.255.0/24
5.253.137.0/24
81.16.138.0/24
91.189.186.0/24
185.133.195.0/24
185.142.143.0/24
185.171.3.0/24
185.182.48.0/23
185.224.146.0/24
185.236.83.0/24
Signature Algorithm: sha256WithRSAEncryption
34:ac:69:0a:9c:91:32:7e:4c:4a:0b:ad:f0:44:e0:a1:de:a7:
83:db:87:1d:ac:ab:a4:ed:f5:46:41:1c:8c:67:bf:6f:bb:1a:
0e:ab:34:a8:ae:f7:64:f0:d5:df:06:2a:f4:43:67:bf:b0:2e:
fd:62:03:c6:71:68:44:db:5c:6c:9c:68:c5:46:02:94:d8:de:
19:11:c3:e4:61:1e:65:4c:3f:1c:4b:37:1c:93:ec:bd:da:99:
44:50:8b:82:3e:7d:0d:9e:47:de:f5:f8:c8:2e:49:37:6e:47:
26:c3:ba:f2:e1:88:b8:7d:94:12:13:ba:1d:fc:25:07:23:65:
26:72:6c:48:55:d7:2d:1e:a7:09:04:17:ed:a2:47:fc:f7:66:
13:21:d7:ce:46:8c:78:95:b6:d1:17:06:92:5a:39:12:7f:0d:
42:b5:d8:cd:b0:41:12:db:5e:d6:75:de:f4:66:d6:90:48:b9:
3b:64:67:a6:2e:ed:ae:32:d6:09:e2:a5:82:72:41:ff:3f:1f:
ce:e9:60:3b:ce:fc:b1:5a:3e:bc:f9:dd:47:cd:9e:a3:7b:cf:
ed:c7:a6:7c:a5:a6:fb:dc:6b:64:63:e9:e1:2c:6d:d3:23:b1:
82:4e:1a:67:f6:86:59:ec:f6:42:20:64:76:55:2a:8d:4b:79:
f2:28:4c:60
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIEGBMv5jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
YzhmZDFhOGFlNTk5NmMxZTU2OTJjMWE4YzQyYmZlOWMzYmE1NzQ1MB4XDTIyMDEw
NzA1MjQ0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGEwOTUxN2ZiODAw
ODVlMDllMGJjMTRmYTAwM2ExNzI2ZDE0YzI5ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL5lnwAmeKA4RHnzVttk08f27vAuNaB7bbw5mxbD9xPeia+s
Pwlb8naMoLqLW5/l2uk2TLIfAENoCvPgyo3TgkUmazLO10R/rXHGhtikuK5ET/sO
yTCS5naa3Vf+kusqHhApnLrq0Yopcd8aej8vF2SPZvwEf5bADQC0GB/2HxOOVHLs
c3OjSDCcyziK7eRPx6uut5huISVut01EK1+z23MH9xc6c2ccm55PxJZ/NL9OqgNu
Za2s+Zg9kk2oHq3wFyB51jgdI/AXCAqb8fe4jjXqS8wIhBMm5n7HsX5fVzWxceku
ZKg3nLb+NFSXAaWe1m22UCOwrxkWqPt4WyN4vT0CAwEAAaOCAj8wggI7MB0GA1Ud
DgQWBBQKCVF/uACF4J4LwU+gA6FybRTCmDAfBgNVHSMEGDAWgBRsj9GorlmWweVp
LBqMQr/pw7pXRTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JJX1JxSzVabHNIbGFTd2FqRUtfNmNPNlYwVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDAvNDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8x
L0NnbFJmN2dBaGVDZUM4RlBvQU9oY20wVXdwZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDAv
NDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8xL2JJX1JxSzVabHNI
bGFTd2FqRUtfNmNPNlYwVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBV
BggrBgEFBQcBBwEB/wRGMEQwQgQCAAEwPAMEAAI5/wMEAAX9iQMEAFEQigMEAFu9
ugMEALmFwwMEALmOjwMEALmrAwMEAbm2MAMEALngkgMEALnsUzANBgkqhkiG9w0B
AQsFAAOCAQEANKxpCpyRMn5MSgut8ETgod6ng9uHHayrpO31RkEcjGe/b7saDqs0
qK73ZPDV3wYq9ENnv7Au/WIDxnFoRNtcbJxoxUYClNjeGRHD5GEeZUw/HEs3HJPs
vdqZRFCLgj59DZ5H3vX4yC5JN25HJsO68uGIuH2UEhO6HfwlByNlJnJsSFXXLR6n
CQQX7aJH/PdmEyHXzkaMeJW20RcGklo5En8NQrXYzbBBEtte1nXe9GbWkEi5O2Rn
pi7trjLWCeKlgnJB/z8fzulgO878sVo+vPndR82eo3vP7cemfKWm+9xrZGPp4Sxt
0yOxgk4aZ/aGWez2QiBkdlUqjUt58ihMYA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:45 2024 by rpki-client on console-fra.rpki-client.org